Bug#637940: fixed

2012-03-02 Thread Helmut Grohne
notfound 637940 haskell-leksah/0.10.0.4-2 thanks The bug was only present in haskell-leksah-server and fixed by Joachim Breitner. This should finally close the bug report. Helmut -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble?

Bug#634538: any progress?

2012-03-02 Thread Helmut Grohne
Hi Noèl, Can you give a status on this package? Your last upload seems to be 2.5 years ago. It is rc buggy with a patch for almost half a year. How to proceed with it? Will you upload a fix any time soon? Should BSP MG upload doko's fix? Should the package be removed from the archive? Some facts

Bug#579028: workaround

2012-03-02 Thread Helmut Grohne
As Ansgar Burchard pointed out the default pbuilder configuration does not enforce usage of signed packages. If you are quick, you can spot a warning about an unverified signature. Since version 0.199 there is a way to turn on enforced signature verification. The method is documented both in man

Bug#661993: CVE-2011-2191: persistent CSRF on admin interface

2012-03-03 Thread Helmut Grohne
Source: cherokee Version: 1.2.101-1 Severity: serious Tags: security References: CVE-2011-2191 https://bugs.launchpad.net/ubuntu/+source/cherokee/+bug/784632 https://bugzilla.redhat.com/show_bug.cgi?id=713304 Please verify whether the issue is still present in the package. A quick look at

Bug#620960: RFS: inspircd

2012-03-03 Thread Helmut Grohne
On Wed, Dec 14, 2011 at 10:25:37PM +0100, Guillaume Delacour wrote: Le samedi 03 décembre 2011 à 11:39 +0100, Jan Lübbe a écrit : On Tue, 2011-11-01 at 22:00 +0100, Guillaume Delacour wrote: To access further information about this package, please visit the following URL:

Bug#628237: proposed fix for slapd upgrades

2012-03-04 Thread Helmut Grohne
. (Closes: #628237) + + -- Helmut Grohne hel...@subdivi.de Sat, 03 Mar 2012 22:42:42 +0100 + cyrus-sasl2 (2.1.25.dfsg1-3) unstable; urgency=low [ Thomas Preud'homme ] diff -Nru cyrus-sasl2-2.1.25.dfsg1/debian/control cyrus-sasl2-2.1.25.dfsg1/debian/control --- cyrus-sasl2-2.1.25.dfsg1/debian

Bug#645810: valgrind

2012-03-04 Thread Helmut Grohne
I reproduced the problem with valgrind and debug symbols. The output is likely helpful for anyone interested in tracking down this issue. This is sid i386, slapd version 2.4.28-1.1, gnutls version 2.12.16-1. ==9140== Memcheck, a memory error detector ==9140== Copyright (C) 2002-2011, and GNU

Bug#663048: src:agda: FTBFS with ghc 7.4 due to versioned dependencies in configure

2012-03-08 Thread Helmut Grohne
Package: src:agda Version: 2.3.0-1+b3 Severity: serious Justification: FTBFS Excerpt from the build log[1]: | for setup in Setup.lhs Setup.hs; do if test -e $setup; then ghc --make $setup -o debian/hlibrary.setup; exit 0; fi; done | [1 of 1] Compiling Main ( Setup.hs, Setup.o ) |

Bug#664724: rrdcached: fails to install, postinst, invoke-rc.d rrdcached start, start-stop-daemon, segfault

2012-03-20 Thread Helmut Grohne
Package: rrdcached Version: 1.4.7-1 Severity: serious Justification: uninstallable | Unpacking rrdcached (from .../rrdcached_1.4.7-1_amd64.deb) ... | Processing triggers for doc-base ... | Processing 1 added doc-base file... | Processing triggers for man-db ... | Setting up rrdcached (1.4.7-1)

Bug#634071: foxyproxy: extension is disabled with iceweasel 5.0 (sid)

2011-07-16 Thread Helmut Grohne
Package: foxyproxy Version: 2.22.6-1 Severity: grave Justification: renders package unusable After upgrading iceweasel the foxyproxy extension is disabled in iceweasel. Since most users of foxyproxy will be using this version of iceweasel soon it will affect most users and thus warrants severity

Bug#630084: CVE-2011-2473 CVE-2011-2472 CVE-2011-2471

2011-06-10 Thread Helmut Grohne
Package: oprofile Version: 0.9.6-1.2 Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for oprofile. CVE-2011-2473[0]: | The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and | earlier might allow local users to create or

Bug#477751: tackling this bug

2012-01-07 Thread Helmut Grohne
Hi Joey, thanks for your response. On Sat, Jan 07, 2012 at 01:01:56PM -0400, Joey Hess wrote: Helmut Grohne wrote: * preinst will do the tricky transition part. If it is called during an upgrade and /etc/sgml/$package.cat is not owned by any package (this is currently the case

Bug#477751: tackling this bug

2012-01-07 Thread Helmut Grohne
Hi Joey, On Sat, Jan 07, 2012 at 02:53:46PM -0400, Joey Hess wrote: But update-catalog can get new switches that handle the transition, and debhelper can update the code to use them. Ok. Let's evaluate what could be changed about update-catalog. 1) package catalog. As per Daniel's request

Bug#477751: reassigning #477751 to debhelper

2012-01-12 Thread Helmut Grohne
reassign 477751 debhelper affects 477751 sgml-base thanks Reasons: * The debhelper templates are mainly responsible for this issue. * Any solution that fixes this issue requires changes to debhelper. * There exists a solution (attached to this bug log), that solves the issue by just

Bug#644591: breaks agda-stdlib too

2011-10-18 Thread Helmut Grohne
affects 644591 + agda-stdlib thanks $ ghci -package Agda GHCi, version 7.0.4: http://www.haskell.org/ghc/ :? for help Loading package ghc-prim ... linking ... done. Loading package integer-gmp ... linking ... done. Loading package base ... linking ... done. Loading package

Bug#694734: adjusting severity

2012-11-29 Thread Helmut Grohne
Control: severity -1 important Javier Domingo wrote: nouveau driver is not recognising GTX560 The definition of critical includes affecting all users. This is not the case. A little more information such as pciids would be welcome as well. Helmut

Bug#695268: liblockfile1: harmful remove action in M-A:same package

2012-12-06 Thread Helmut Grohne
Package: liblockfile1 Version: 1.09-4 Severity: serious Steps taken: Install liblockfile1:amd64. Observe that it ships /usr/share/doc/liblockfile1. Install liblockfile1:i386. Observe that /usr/share/doc/liblockfile1 is still correctly there. Remove liblockfile1:i386, but not liblockfile1:amd64.

Bug#695272: libphone-utils0: harmful postrm purge action in M-A:same package

2012-12-06 Thread Helmut Grohne
Package: libphone-utils0 Version: 0.1+git20110523-1.2 Severity: serious It is technically possible to install libphone-utils0:amd64 and libphone-utils0:i386 in parallel. If I then purge libphone-utils0:i386, /etc/phone-utils.conf will disappear even though it is still needed by

Bug#695275: src:dspam: harmful actions in multiple postrm scripts of M-A:same packages

2012-12-06 Thread Helmut Grohne
Package: src:dspam Version: 3.10.2+dfsg-2 Severity: serious Let me give an example of the general issue in libdspam7. All the other issues are of similar nature. It is possible to install libdspam7:amd64 and libdspam7:i386 in parallel. Now a user could purge libdspam7:i386, but still use

Bug#695216: agda-stdlib: Package does not contain Data.FFI haskell module needed for compilation

2012-12-06 Thread Helmut Grohne
Control: severity -1 important On Wed, Dec 05, 2012 at 07:07:24PM +0400, Vladimir Lysikov wrote: Severity: grave Justification: renders package unusable The package has uses beyond compilation. Data.FFI module is contained in ffi subdirectory of source tarball. It is needed for compilation

Bug#695272: libphone-utils0: harmful postrm purge action in M-A:same package

2012-12-07 Thread Helmut Grohne
On Fri, Dec 07, 2012 at 12:41:19AM +0100, Dominik George wrote: I propose that you, Helmut, try to test whether this fixes the problem and report back if it does. Thanks for your work on this issue. Introducing a new binary package is a quite big change. Please contact the release team on

Bug#695272: [pkg-fso-maint] Bug#695272: libphone-utils0: harmful postrm purge action in M-A:same package

2012-12-10 Thread Helmut Grohne
[Dropping adsb as he is probably not interested in technical details.] On Tue, Dec 11, 2012 at 02:25:54AM +0100, Sebastian Reichel wrote: preparing an upload for testing was what I intended to do, too. I planned to check how to fix this without removing M-A support, though. It should be possible

Bug#695275: closed by Thomas Preud'homme robo...@debian.org (Bug#695275: fixed in dspam 3.10.2+dfsg-3)

2013-01-06 Thread Helmut Grohne
Control: reopen -1 Control: found -1 dspam/3.10.2+dfsg-3 On Thu, Dec 20, 2012 at 07:06:07AM +, Debian Bug Tracking System wrote: * Only lock dspam user account when the last libdspam7 package is purged (Thanks Jakub Wilk for the review, Closes: #695275). The fix is still

Bug#695275: handling of shared resources in M-A:same packages of dspam

2013-01-06 Thread Helmut Grohne
[Adding multiarch-devel to CC for a comment on point 3.] On Sun, Jan 06, 2013 at 12:50:35PM +0100, Thomas Preud'homme wrote: Ah yes sorry. I searched explicitly for user locking but of course it's the case for any shared (among arch) resources modified/removed on purge. Actually looking at

Bug#679889: mpd: MPD 0.17 + MAD decoder = noise only with MP3s

2013-01-08 Thread Helmut Grohne
On Sun, Dec 30, 2012 at 12:14:51PM +0100, intrigeri wrote: Helmut, Jayes: can you please confirm that this bug is fixed in mpd 0.17.1-1, that's currently available in Debian unstable? I cannot reproduce the issue on Debian sid/amd64 running mpd 0.17.1-1. Thanks for sorting this out. Helmut

Bug#680291: patch for xml2rfc #680291

2012-10-14 Thread Helmut Grohne
+0200 @@ -1,3 +1,11 @@ +xml2rfc (1.36-4.1) UNRELEASED; urgency=low + + * Non-maintainer upload. + * Always remove /etc/sgml/xml2rfc.cat when it is not a conffile. +(Closes: #680291) + + -- Helmut Grohne hel...@subdivi.de Sun, 14 Oct 2012 21:11:45 +0200 + xml2rfc (1.36-4) unstable; urgency=low
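Review bot: the new changelog stanza for 1.36-4.1 still has the distribution set to UNRELEASED; set it to the target suite before this non-maintainer upload is built, so the package is not uploaded with a placeholder distribution.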

Bug#682648: status of the python-gnupg ftbfs

2012-10-22 Thread Helmut Grohne
+ + * Non-maintainer upload. + * Work around test suite hangs by adding --quick-random when generating +keys. Closes: #682648 + + -- Helmut Grohne hel...@subdivi.de Mon, 22 Oct 2012 23:30:19 +0200 + python-gnupg (0.3.0-1) unstable; urgency=low * New upstream release diff -Nru python-gnupg
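Review bot: the changelog entry says --quick-random is added "when generating keys" but not where. Confirm the option is passed only from the test suite and not from the module's normal key-generation path, because it trades randomness quality for speed, and say so in the entry.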

Bug#692035: CVE-2012-3155: vulnerability in the CORBA ORB component

2012-11-01 Thread Helmut Grohne
Package: src:glassfish Version: 1:2.1.1-b31g-3 Severity: serious Tags: security Dear glassfish maintainers, Please determine whether and how glassfish as present in Debian is affected by CVE-2012-3155. Please adjust the severity of this bug accordingly. | Unspecified vulnerability in the CORBA

Bug#630581: fix for #682964 is incomplete, maybe related to #630581

2012-11-08 Thread Helmut Grohne
So I had a further look into the dropbear initramfs issue. The code where the breakage occurs is dropbear's hook: | LIBC_DIR=$(ldd /usr/sbin/dropbear | sed -n -e 's,.* => \(/lib.*\)/libc\.so\..*,\1,p') | for so in $(find ${LIBC_DIR} -name 'libnss_compat*'); do | copy_exec ${so} ${LIBC_DIR}

Bug#630581: fix for #682964 is incomplete, maybe related to #630581

2012-11-08 Thread Helmut Grohne
On Thu, Nov 08, 2012 at 11:03:20AM +0100, Jérémy Bobbio wrote: Do you confirm that leaving out the second parameter creates a correct initramfs when libc6-i686 is installed? Using pbuilder and a plain sid i386 chroot I verified the following: 1) With libc6-i686 installed the nss_compat files do

Bug#630581: fix for #682964 is incomplete, maybe related to #630581

2012-11-08 Thread Helmut Grohne
On Thu, Nov 08, 2012 at 12:23:37PM +0100, Jérémy Bobbio wrote: Just to make it clear, your workaround and removing the second parameter both result in having libnss_compat in `/lib/i686/cmov`? Thanks for your attention to detail. My workaround used the non-i686 versions of those files. The

Bug#677199: w3c-dtd-xhtml: please rebuild to fix your copy of #477751

2012-06-12 Thread Helmut Grohne
Source: w3c-dtd-xhtml Severity: serious Dear maintainer(s) of w3c-dtd-xhtml, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally

Bug#675481: docbook-website: please rebuild to fix your copy of #477751

2012-06-12 Thread Helmut Grohne
. (Closes: #675481) + * Update transitional code in postinst to play well with new sgml-base. + + -- Helmut Grohne hel...@subdivi.de Tue, 12 Jun 2012 11:24:49 +0200 + docbook-website (2.5.0.0-7.2) unstable; urgency=low * NMU. diff -u docbook-website-2.5.0.0/debian/docbook-website.postinst

Bug#675488: sgml-data: do not call update-catalog

2012-06-12 Thread Helmut Grohne
tags 674913 + patch tags 675488 + patch thanks On Mon, May 28, 2012 at 05:06:18PM +0200, Helmut Grohne wrote: Your package calls update-catalog on /etc/sgml/$PACKAGE.cat. The latter file will transition to a conffile, so changing that file induces questions to the user. Please remove the old

Bug#674914: sgmltools-lite: do not call update-catalog

2012-06-12 Thread Helmut Grohne
@@ +sgmltools-lite (3.0.3.0.cvs.20010909-15.2) unstable; urgency=low + + * Non-maintainer upload. + * Remove transitional call to update-catalog from postinst. The call is a +noop since the new sgml-base version. (Closes: #674914) + + -- Helmut Grohne hel...@subdivi.de Tue, 12 Jun 2012 11:39:39
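Review bot: the entry justifies removing the update-catalog call by saying it is a noop "since the new sgml-base version" without naming that version. Name it in the changelog and check that the package's dependency on sgml-base is at least that version, so the removal is also safe on partial upgrades.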

Bug#674911: xml2rfc: do not call update-catalog

2012-06-15 Thread Helmut Grohne
to debhelper 9. + * Especially use dh_installcatalogs. (Closes: #674911, #656170) + + -- Helmut Grohne hel...@subdivi.de Fri, 15 Jun 2012 16:53:42 +0200 + xml2rfc (1.36-2) unstable; urgency=low * added postrm script to purge /etc/sgml/xml2rfc.cat{,.old} diff -Nru xml2rfc-1.36/debian/compat xml2rfc

Bug#675490: sgml2x: please rebuild to fix your copy of #477751

2012-06-15 Thread Helmut Grohne
Hi Rhonda, Thanks for your work on stable rc bugs! On Fri, Jun 15, 2012 at 10:32:15PM +0200, Gerfried Fuchs wrote: I just got notified that I'm blind. Found the dependency now, and actually, squeeze package has a lower versioned dependency on sgml-base. Good. But given that #477751 is

Bug#674911: xml2rfc: do not call update-catalog

2012-06-21 Thread Helmut Grohne
Hi Daniel, On Fri, Jun 15, 2012 at 06:10:02PM +0200, Helmut Grohne wrote: Please review my changes. Can I also ask you to upload them? I updated the .debdiff with some remarks from Jakub Wilk. In the absence of any further response from you I will seek a sponsor to NMU this. Helmut diff -Nru

Bug#676717: dh_installcatalogs transition and w3c-dtd-xhtml removal bugs

2012-06-23 Thread Helmut Grohne
On Sat, Jun 23, 2012 at 10:29:29PM +0900, Osamu Aoki wrote: This is non-essential but I thought it may be good idea not to make postinst script robust. As it is written now, any non-zero exit code of update-catalog will break postinst script. This is somewhat intentional. If update-catalog

Bug#676717: dh_installcatalogs transition and w3c-dtd-xhtml removal bugs

2012-06-24 Thread Helmut Grohne
On Sun, Jun 24, 2012 at 02:22:06AM +0900, Osamu Aoki wrote: So you mean --quiet and error exit is good? I see. I still worry about being too quiet to hide source of the trouble. Do you think we need As far as I can see --quiet never hides error conditions. After all --quiet is not that

Bug#678902: catalog registration disappeared during upgrade

2012-06-27 Thread Helmut Grohne
reassign 678902 sgml-base found 678902 sgml-base/1.16+nmu2 retitle 678902 sgml-base needs to Pre-Depend on dpkg 1.16.4 thanks On Wed, Jun 27, 2012 at 12:15:45PM +0200, Mathieu Malaterre wrote: Helmut could you please comment on #678902 ? Thanks for bringing this to my attention. The most

Bug#678902: proposed sgml-base 1.16+nmu4 fixing #676717 and #678902

2012-06-27 Thread Helmut Grohne
processing. + + -- Helmut Grohne hel...@subdivi.de Thu, 21 Jun 2012 16:09:07 +0200 + sgml-base (1.26+nmu3) unstable; urgency=low * Non-maintainer upload. diff -Nru sgml-base-1.26+nmu3/debian/control sgml-base-1.26+nmu4/debian/control --- sgml-base-1.26+nmu3/debian/control 2012-05-28 13:58

Bug#678902: proposed sgml-base 1.16+nmu4 fixing #676717 and #678902

2012-06-28 Thread Helmut Grohne
Dear dpkg maintainers, On Thu, Jun 28, 2012 at 02:05:56AM +0100, Ian Jackson wrote: I'm not convinced that a Pre-Depends is the best answer here. I think a better answer would be for the new dpkg to activate all file triggers when it first starts, and for sgml-base to simply use Depends.

Bug#477751: tackling this bug

2012-05-28 Thread Helmut Grohne
Hi Joey, sgml-base 1.26+nmu2 has been accepted in sid. Can you go ahead and upload debhelper? I talked to the release team and will take care of the binnmus. Helmut

Bug#675323: libmnl0: uninstallable due to typo in pre-depends

2012-05-31 Thread Helmut Grohne
Package: libmnl0 Version: 1.0.3-2 Severity: grave Justification: renders package unusable Please have a look at debian/control: Package: libmnl0 ... Pre-Depends: i${misc:Pre-Depends}, multiarch-support This results in: Pre-Depends: imultiarch-support, multiarch-support Since there is no

Bug#675473: docbook: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: docbook Severity: serious Dear maintainer(s) of docbook, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally overwrites files in

Bug#675474: debiandoc-sgml: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: debiandoc-sgml Severity: serious Dear maintainer(s) of debiandoc-sgml, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally

Bug#675475: docbook-dsssl: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: docbook-dsssl Severity: serious Dear maintainer(s) of docbook-dsssl, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally

Bug#675476: docbook-ebnf: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: docbook-ebnf Severity: serious Dear maintainer(s) of docbook-ebnf, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally overwrites

Bug#675477: docbook-html-forms: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: docbook-html-forms Severity: serious Dear maintainer(s) of docbook-html-forms, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally

Bug#675478: docbook-mathml: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: docbook-mathml Severity: serious Dear maintainer(s) of docbook-mathml, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally

Bug#675479: docbook-simple: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: docbook-simple Severity: serious Dear maintainer(s) of docbook-simple, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally

Bug#675480: docbook-slides: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: docbook-slides Severity: serious Dear maintainer(s) of docbook-slides, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally

Bug#675481: docbook-website: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: docbook-website Severity: serious Dear maintainer(s) of docbook-website, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally

Bug#675482: docbook-xml: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: docbook-xml Severity: serious Dear maintainer(s) of docbook-xml, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally overwrites

Bug#675483: xml-core: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: xml-core Severity: serious Dear maintainer(s) of xml-core, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally overwrites files in

Bug#675485: libcommons-validator-java: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: libcommons-validator-java Severity: serious Dear maintainer(s) of libcommons-validator-java, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that

Bug#675488: sgml-data: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: sgml-data Severity: serious Dear maintainer(s) of sgml-data, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally overwrites files

Bug#675489: python-docutils: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: python-docutils Severity: serious Dear maintainer(s) of python-docutils, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally

Bug#675490: sgml2x: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: sgml2x Severity: serious Dear maintainer(s) of sgml2x, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally overwrites files in

Bug#675496: dtd-ead: please rebuild to fix your copy of #477751

2012-06-01 Thread Helmut Grohne
Source: dtd-ead Severity: serious Dear maintainer(s) of dtd-ead, TL;DR: Please upload a new version of this package closing this bug. Problem ~~~ Your package uses the dh_installcatalogs helper from debhelper. This helper added code to the postinst that unconditionally overwrites files in

Bug#675613: debiandoc-sgml: Does not register itself in /etc/sgml/catalog

2012-06-02 Thread Helmut Grohne
reassign 675613 dpkg affects 675613 + debiandoc-sgml docbook docbook-dsssl docbook-ebnf docbook-html-forms docbook-mathml docbook-simple docbook-slides docbook-website docbook-xml dtd-ead libcommons-validator-java python-docutils sgml-data sgml2x w3c-dtd-xhtml xml-core thanks Hi Osamu, Thanks

Bug#675613: debiandoc-sgml: Does not register itself in /etc/sgml/catalog

2012-06-03 Thread Helmut Grohne
Hi Guillem, Thanks for your quick and helpful response. On Sat, Jun 02, 2012 at 11:55:48PM +0200, Guillem Jover wrote: So on first thought, I think the solution would be to make dpkg activate file triggers for the parent directories on configure so that this case is handled correctly. In fact

Bug#675613: merging FTBFS bugs into dpkg-trigger bug

2012-06-05 Thread Helmut Grohne
# processing 676062 reassign 676062 dpkg forcemerge 675613 676062 affects 675613 + src:debiandoc-sgml-doc-pt-br # processing 676061 affects 675613 + src:doc-base # processing 676107 affects 675613 + src:debian-faq # processing 676122 affects 675613 + src:debian-history # processing 676118 reassign

Bug#682869: munin: insecure/misleading apache configuration (authentication bypass)

2012-07-26 Thread Helmut Grohne
Package: munin Version: 2.0.2-1 Severity: grave Tags: security Justification: user security hole The default apache configuration shipped and automatically enabled by munin is insecure, because it includes an authentication bypass. The config intends to restrict access to the graphs to localhost:

Bug#683061: ntp: missing init script dependency on $named

2012-07-28 Thread Helmut Grohne
Package: ntp Version: 1:4.2.6.p2+dfsg-1+b1 Severity: serious Justification: dependency based boot release goal User: initscripts-ng-de...@lists.alioth.debian.org Usertags: missing-dependency I was trying to run ntp with unbound and noticed that in /etc/rc2.d they are linked as S02ntp and

Bug#681194: dh_installcatalogs: catalog is now a conffile prompt if the old (pre-conffile) package was removed, but not purged

2012-08-02 Thread Helmut Grohne
+ * Preserve old sgml catalogs as .old files to a void data loss. + + -- Helmut Grohne hel...@subdivi.de Thu, 02 Aug 2012 21:55:41 +0200 + debhelper (9.20120608) unstable; urgency=low * dh: When there's an -indep override target without -arch, or vice versa,
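Review bot: typo in the new debhelper changelog entry, "to a void data loss" should read "to avoid data loss".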

Bug#678902: the patch is there

2012-08-04 Thread Helmut Grohne
tags 678902 + patch thanks http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678902#33 Helmut

Bug#675462: duplicate of #676717

2012-08-04 Thread Helmut Grohne
forcemerge 676717 675462 thanks Helmut

Bug#683998: munin: allows creation of sockets at arbitrary locations (/tmp file vulnerability)

2012-08-06 Thread Helmut Grohne
Package: munin Version: 1.4.5-3 Severity: serious Tags: security I wondered where a socket /tmp/munin-master-processmanager-12345.sock would come from and whether it was created in a secure way. In the presence of this bug report you may have guessed, that it is not. The corresponding code can be

Bug#683998: munin: allows creation of sockets at arbitrary locations (/tmp file vulnerability)

2012-08-06 Thread Helmut Grohne
Control: fixed 683998 2.0.1-1 Control: tags 683998 + patch As said in my previous mail the issue stems from the rundir default. This variable is set in /usr/share/perl5/Munin/Master/Config.pm. In the wheezy version rundir is changed to MUNIN_STATEDIR, so wheezy is not affected. I would assume

Bug#684075: munin: insecure state file handling, munin-root

2012-08-09 Thread Helmut Grohne
I investigated whether just fixing the smart_ plugin would be enough of a workaround for stable. We only have a finite amount of plugins that can instantiate this vulnerability. Just how many do? Basically we are interested in those plugins that run with elevated privileges and use state files.

Bug#678902: +nmu4 isn't final

2012-08-27 Thread Helmut Grohne
+nmu5) unstable; urgency=low + + * Non-maintainer upload. + * Raise perl dependency to avoid upgrade failures from squeeze. The way we +use readdir does not work on squeeze. +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678902#62 + + -- Helmut Grohne hel...@subdivi.de Mon, 27 Aug 2012 21
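Review bot: "Raise perl dependency" does not say to which version. State the minimum perl version in the changelog entry so the matching debian/control change can be checked against it.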

Bug#680291: xml2rfc: fails to install, remove, distupgrade, and install again

2012-08-29 Thread Helmut Grohne
Control: block 680291 by 681194 Hi Emanuele, Thank you very much for notifying me of this issue. Also sorry for not having answered earlier. On Mon, Aug 13, 2012 at 11:52:30AM +0200, Emanuele Rocca wrote: This seems to be related to the changes introduced to dh_installcatalogs (see #477751).

Bug#681194: PING debhelper #681194

2012-08-30 Thread Helmut Grohne
Hi Joey, According to the release team (Julien Cristau on IRC), bug #681194 must be fixed in time for wheezy. I attached a patch[1] almost a month ago. Please do one of the following: 1) Upload a new version of debhelper including my patch. 2) Give me a reason for not including that particular

Bug#477751: [ping] Re: Bug#477751: tackling this bug

2012-04-15 Thread Helmut Grohne
points. On Sat, Jan 07, 2012 at 10:25:17PM +0100, Helmut Grohne wrote: On Sat, Jan 07, 2012 at 02:53:46PM -0400, Joey Hess wrote: But update-catalog can get new switches that handle the transition, and debhelper can update the code to use them. Ok. Let's evaluate what could be changed about

Bug#477751: tackling this bug

2012-04-15 Thread Helmut Grohne
Hi Joey, Thanks for your quick response after the ping. On Sun, Apr 15, 2012 at 02:47:03PM -0400, Joey Hess wrote: Your patch already has the preinst calling update-catalog. AFAICS, update-catalog could check with dpkg-query if the file is not owned by a package, and not remove it unless

Bug#683998: closed by Holger Levsen hol...@layer-acht.org (confirmed again for 2.0.6-1)

2012-09-08 Thread Helmut Grohne
Control: reopen 683998 Control: fixed 683998 2.0.1-1 On Mon, Sep 03, 2012 at 02:15:06PM +, Debian Bug Tracking System wrote: It has been closed by Holger Levsen hol...@layer-acht.org. I slightly disagree. I can see that this issue does not affect wheezy, but the bug remains open in squeeze.

Bug#683998: closed by Holger Levsen hol...@layer-acht.org (confirmed again for 2.0.6-1)

2012-09-09 Thread Helmut Grohne
On Sat, Sep 08, 2012 at 04:16:41PM +0100, Adam D. Barratt wrote: No, that's not how the BTS works. A versioned closing of the bug as soon as it's fixed in /any/ version is perfectly acceptable, and expected. The BTS is perfectly capable of knowing that a bug is fixed in unstable but not in

Bug#680291: xml2rfc: fails to install, remove, distupgrade, and install again

2012-09-17 Thread Helmut Grohne
Hi Gregor, I took a bit longer to respond, but I have not forgotten about this issue. On Fri, Aug 31, 2012 at 05:44:07PM +0200, gregor herrmann wrote: On Wed, 29 Aug 2012 22:17:13 +0200, Helmut Grohne wrote: Helmut, I took the liberty to put you in CC as you probably have some hints

Bug#681194: dh_installcatalogs: catalog is now a conffile prompt if the old (pre-conffile) package was removed, but not purged

2012-09-17 Thread Helmut Grohne
On Fri, Sep 14, 2012 at 01:43:31PM +0200, Andreas Beckmann wrote: Control: found 681194 debhelper/9.20120830 Countrol: found 680291 xml2rfc/1.36-4 Hi Helmut, we missed one case: If the package contained neither conffiles nor a postrm script (example: xml2rfc in squeeze/non-free),

Bug#680291: dh_installcatalogs: catalog is now a conffile prompt if the old (pre-conffile) package was removed, but not purged

2012-09-18 Thread Helmut Grohne
Control: notfound 681194 debhelper/9.20120830 On Mon, Sep 17, 2012 at 11:13:43AM +0200, Andreas Beckmann wrote: Any opposition to closing the debhelper issue again? Thanks for the analysis. Please go ahead! Done. In case of xml2rfc I see no other option than to forcefully remove the

Bug#688765: FTBFS if built twice in a row

2012-09-25 Thread Helmut Grohne
Source: libpri Version: 1.4.12-2 Severity: serious Justification: fails to build from source The upstream Makefile creates a version.c which is not removed during (make) clean. Thus the second attempt to build the package fails with a message from dpkg-source saying that local changes (to

Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws

2012-04-16 Thread Helmut Grohne
Hi Kurt, Please always CC the bug report when adding detail to it. Doing it now for you. On Mon, Apr 16, 2012 at 01:19:32PM -0600, Kurt Seifried wrote: [3] Remote users can fill /tmp filesystem: Red Hat would not consider this to be a security flaw = no RH BTS entry. Original report:

Bug#477751: tackling this bug

2012-04-17 Thread Helmut Grohne
On Tue, Apr 17, 2012 at 09:08:30AM -0400, Joey Hess wrote: Helmut Grohne wrote: An admin could call update-catalog --transition for a package that was not rebuilt with the newer debhelper. In that case harm would still happen. Do you have an idea about how to prevent this? Since

Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws

2012-04-17 Thread Helmut Grohne
On Tue, Apr 17, 2012 at 11:04:56PM -0600, Kurt Seifried wrote: On 04/16/2012 11:34 PM, Helmut Grohne wrote: The basic requirement is that a plugin called vmstat is configured for the node localhost.localdomain. I just picked it as an example, cause it is present on my system. In practise

Bug#670428: /usr/share/munin/plugins/spamstats: no license to redistribute plugin spamstats

2012-04-25 Thread Helmut Grohne
Package: munin-plugins-extra Version: 1.4.5-3 Severity: serious File: /usr/share/munin/plugins/spamstats Justification: unlicensed source $ head -n20 /usr/share/munin/plugins/spamstats #!/usr/bin/perl # -*- perl -*- =head1 NAME spamstats - Plugin to graph spamassassin throughput =head1

Bug#477751: tackling this bug

2012-04-26 Thread Helmut Grohne
On Thu, Apr 26, 2012 at 01:57:33PM -0400, Joey Hess wrote: While I'm leaning toward just putting the code in debhelper, I am worried about another issue in the patch. It makes update-catalog be called only on new install, not upgrade ([-z $2]). But then, if a catalog is added to an existing

Bug#477751: tackling this bug

2012-04-27 Thread Helmut Grohne
On Thu, Apr 26, 2012 at 06:18:40PM -0400, Joey Hess wrote: This is why I originally recommended that the registration process be converted to use triggers. A [directory full] of catalogs, and a root catalog file automatically generated from them (which need not be a config file in /etc) is a

Bug#477751: tackling this bug

2012-04-30 Thread Helmut Grohne
catalog from /etc/sgml directory contents. +This does not solve #477751, but the upcoming debhelper changes will solve +that bug based on this work. + * Do not truncate the manual pages during build. + + -- Helmut Grohne hel...@subdivi.de Mon, 30 Apr 2012 17:15:48 +0200 + sgml-base (1.26+nmu1

Bug#477751: tackling this bug

2012-04-30 Thread Helmut Grohne
On Mon, Apr 30, 2012 at 12:24:52PM -0400, Joey Hess wrote: Helmut Grohne wrote: On the debhelper side it should be enough to remove all remaining calls to update-catalog and introduce a dependency on the changed sgml-base. I did not test this thus far. Won't dh_installcatalogs also need

Bug#477751: tackling this bug

2012-05-09 Thread Helmut Grohne
On Mon, Apr 30, 2012 at 05:52:35PM +0200, Helmut Grohne wrote: On the debhelper side it should be enough to remove all remaining calls to update-catalog and introduce a dependency on the changed sgml-base. I did not test this thus far. I worked out the remaining bits and tested them

Bug#698490: git-effort: predictable /tmp filename

2013-01-19 Thread Helmut Grohne
Package: git-extras Version: 1.7.0-1.1 Severity: serious Tags: security The git-effort utility uses /tmp/.git-effort as the name of its temporary filename. While this already prevents two users from using this utility (due to not cleaning its temporary file) it also allows for targeted symbolic

Bug#698490: git-effort: predictable /tmp filename

2013-01-19 Thread Helmut Grohne
On Sat, Jan 19, 2013 at 10:51:23AM -0600, Rob Browning wrote: Assuming I understood the situation correctly, this might be a plausible fix: Yes. Thanks for your quick reaction. Helmut

Bug#700164: src:webkit: first pile of 2013 CVEs

2013-02-09 Thread Helmut Grohne
Package: src:webkit Severity: grave Tags: security Justification: user security hole Dear webkit maintainers, On behalf of the security team I am creating a bug for the following CVE identifiers supposedly affecting webkit. CVE-2013-0948 CVE-2013-0949 CVE-2013-0950 CVE-2013-0951 CVE-2013-0952

Bug#700268: libhttpclient-java: overly broad certificate wildcard match

2013-02-10 Thread Helmut Grohne
Package: libhttpclient-java Version: 4.2.1-1 Severity: grave Tags: security In the version above the common name match of the certificate check was rewritten. So the versions in squeeze and wheezy are not affected. The rewritten version contains a bug (uses length of wrong object) and thereby

Bug#700308: src:pixman: CVE-2013-1591

2013-02-11 Thread Helmut Grohne
Package: src:pixman Severity: grave Tags: security The pixman library may be affected by CVE-2013-1591. | Stack-based buffer overflow in libpixman, as used in Pale Moon before | 15.4, has unspecified impact and attack vectors. The only references I could find so far were:

Bug#700442: ntop reliably segfaults in searchFragments

2013-02-12 Thread Helmut Grohne
Package: ntop Version: 3:4.99.3+ndpi5517+dfsg2-1 Severity: grave Tags: security Justification: looks like a buffer overflow X-Debbugs-CC: deb...@cygnusnetworks.de Running ntop under gdb. In most cases it segfaults within the first 10 seconds. # gdb /usr/sbin/ntop GNU gdb (GDB) 7.4.1-debian

Bug#700442: ntop reliably segfaults in searchFragments

2013-02-19 Thread Helmut Grohne
Hi Ludovico, On 18.02.2013, at 14:18, Ludovico Cavedon cave...@debian.org wrote: Are you able to send me a network capture that would make it crash? I cannot send you a capture, because that could compromise the confidentiality of the data sent by users. I am currently trying to reproduce the

Bug#625956: jquery embedding in doxygen

2013-02-26 Thread Helmut Grohne
Dear javascript maintainers, I am writing to you, because I seek help with doxygen. For wheezy I believe that Mònica Ramírez Arceda's patch is the way to go, so this mail entirely applies to jessie. ** First embedding of jquery: src:doxygen The current situation is that doxygen upstream
